SymphonyElectron/.github/workflows/cve-scanning-node.yml

name: CVE Scanning for Node.js

on:
  push:
    paths:
      - 'package.json'
      - 'package-lock.json'
      - 'allow-list.json'
      - '.github/workflows/cve-scanning-node.yml'

jobs:
  scan:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        node-version: [18.x]
    steps:
      - uses: actions/checkout@v3
      - name: Use Node.js ${{ matrix.node-version }}
        uses: actions/setup-node@v3
        with:
          node-version: ${{ matrix.node-version }}
      - run: npm config set package-lock false
      # TODO - this is ignoring package-lock.json
      - run: npm install --prod --ignore-scripts
      - run: npx --yes auditjs ossi --whitelist allow-list.json
added actions for node and semgrep 2022-11-18 08:40:22 -06:00			`name: CVE Scanning for Node.js`

			`on:`
			`push:`
			`paths:`
			`- 'package.json'`
			`- 'package-lock.json'`
			`- 'allow-list.json'`
			`- '.github/workflows/cve-scanning-node.yml'`

			`jobs:`
			`scan:`
			`runs-on: ubuntu-latest`
			`strategy:`
			`matrix:`
Bump NodeJS to v18 2023-06-15 04:12:03 -05:00			`node-version: [18.x]`
added actions for node and semgrep 2022-11-18 08:40:22 -06:00			`steps:`
			`- uses: actions/checkout@v3`
			`- name: Use Node.js ${{ matrix.node-version }}`
			`uses: actions/setup-node@v3`
			`with:`
			`node-version: ${{ matrix.node-version }}`
use npm install instead of ci 2022-11-18 08:54:39 -06:00			`- run: npm config set package-lock false`
			`# TODO - this is ignoring package-lock.json`
use --ignore-scripts on cve build 2022-11-18 09:01:24 -06:00			`- run: npm install --prod --ignore-scripts`
Bump NodeJS to v18 2023-06-15 04:12:03 -05:00			`- run: npx --yes auditjs ossi --whitelist allow-list.json`